I didn't say it won't happen. It theoretically could happen. In which case should Apple really be blindly sending an innocent person's private data to any 3rd party and accusing them of child porn offenses? Would that policy reassure anyone? Also, the review is a defence against one of their considered attack vectors - where a sinister agency mangers to insert phoney hashes into the DB to catch other images other than CSAM.
Not trying to be pedantic here, but from what I read, there will be no 'scanning' of photos on device. Only photo(s) that is to be uploaded to iCloud Photo will be hashed checked. Otherwise there will not be any hash checking done. This to me is not the definition of scanning.
What we still don't know is WHAT Apple is doing during the review process. Do they have the raw images of the CSAM and can actively compare flagged images to CSAM images? How else can they determine false positives? Are they just sending ANY picture that has kids in them to further review to those that DO have access to CSAM? Again, if its the latter would they be making judgement calls on 15 year olds or 25 year olds?
That’s why I put “scanning” in quotes since that’s what so many people are fixated on. Sounds like you agree with me. The hashing is done on a per-file-being-uploaded basis.
right, the only time any photos will be scanned is IF you have icloud photos turned on and you add an image to photos
The chances of a review are zero so why are you so worried about this? They are only getting reviewed after they find 30 pictures with a hash that matches the hash of already known images of child abuse. They aren’t looking for new pictures. Assuming you don’t have 30 already known images of child porn on your phone you have nothing to worry about. The chance if mistakenly identifying one of your pics is like one in a trillion…..remember , the hashes have to match, not the contents of the picture. They don’t know what the pictures are. Look at it this way :They’re comparing a bunch of numbers on your phone that represent your pictures to a list of numbers that represent known images of child porn looking for matches. If they find 30 matches someone will turn those numbers into a picture to see what it is. The chance that one of your pics is flagged in error is astronomically small. The chance of 30 mistakes is zero.
Apologies fo the delayed reply - issues with the OS I call BS....Have had nothing but issues since upgrading to Big Sur....yeah, totally, does facebook or google lay out in detail how they are scanning for csam ?
i don't think so, their system of server side scanning is infinitely more opaque, dangerous and open to considersably more abuse, they may only be using 1 database of csam which could be corrupted, they are not detailing how they are getting images or using and comparing them
apple is using only those hashes which appear in 2 separate databases which insures that the material being compared against is actual verified csam
apple is putting the database in plain sight and providing the hash for all to see and allowing 3rd party audit, we the users can check the hash on our device
if the nsa really wants to use a backdoor via the fisa they can damn sure do it anytime they want, this attempt by apple to deal with csam neither stops them nor does it make it any easier for the nsa to do what it wants, they'll just do it
i am afraid we are seeing a river of paranoia here along the lines, as you say, of "anything is possible", yeah anything is possible, tim cook may be the manchurian candidate, an nsa stooge
i don't think people are taking into account just what it would take for governments to pass legislation permanently breaking encryption and security on phones
we need to find a new way forward that balances the needs of government and the rights of users and from what i see apple is trying to do just that
in the end it all comes down to trust, if you really don't trust apple then go somewhere else, how about google
i think we have no choice but to trust and take the tradeoff of transparent, verifiable on device scanning, for the e2ee encryption that i believe apple is working toward
Of course, for me this is another issue. If the system is as flawless and perfect as Apple claims it to be, when must Apple review. Why is not the file/information automatically forwarded to NCMEC, the de facto law enforcement agency. Apple is a private citizen in this example.
As I understand, Apple has absolutely no idea of what is in the database. All they receive is the database of hashes....? So, in a worst case scenario, anything could be in the database.
To use your example, however, Airport Security is coming to your house unannounced, without your permission to rifle, no pun intended, through all your belongings BEFORE you even purchase a ticket.
My read is that if you agree to use iCloud, it scans all photos. I assume initially to create a safe database, then after that only the new images....?
i don’t think so, it starts with your first upload after you install os15, the csam database sits on the phone and when a photo is added to photos and then uploaded it is hashed and compared against csam database, it doesn’t work on photos already in the cloud since it only is only used upon upload
Uhm Apple’s “scan” only happens if you’ve already purchased ticktes to the iCloud and your pics are already in the boarding area.
Sorry but its clear you have no idea of what even says this procedure will do or how it works. The software on YOUR is operational whether you intend to go to iCloud or not, so your 'innocent' pictures' still go through the process, and the same thing would happen if it were on iCloud? There's no additional safety in having it on your hardware at all, no extra anonymity as Apple state its Anonymised? So having it on your system confers no benefits but much more extra potential risk.
Perhaps its you that should revisit Apple Docs. Have you heard of System Integration Protection? its what stops others from modifying your systems, but where Apple is the signatory so bypasses that, which allows them to modify software at will without any checks and balances.
The best description of gibberish I've seen: "A scan is not a scan if its output is cryptographic gibberish"
"Apple are insisting that there's is only one version of iOS because they don't have the means to create multiple different versions."
Not clear if Apple's checks for CSAM are allowed or not in Europe under the GDPR. Perhaps yes, due to EULA and exceptions to the rules. But it would be very interesting to see EU's reaction when Apple will try to deploy this technology there.For those of you who like Germany's heise magazin
"Comment: Apple's CSAM scans - breaking a taboo that leads to total surveillance":
Kommentar: Apples CSAM-Scans – Ein Tabubruch, der in die Totalüberwachung führt
CSAM-Scanning ist gar nicht so schlimm und auch clever? Nein, meint Jürgen Schmidt: Überwachung auf Gerätebasis ist ein Dammbruch, der verhindert werden muss.www.heise.de
While throwing out your scary trigger words ('Infect!'
) you continue to minimise the obvious problem with having that software on Apple's servers - it requires Apple servers to be able to see the contents of your Photos. That means you need 100% trust in them not to scan them for all kinds of material, or store your photos in perpetuity to be scanned at some future year when the political winds change, and to prevent other agencies hacking into them and doing those those things (again). A server with 1,000,000,000+ users' private data is a tempting target for spies and when it's breached to target one user we are all exposed.
What I know is irrelevant. As I wrote, there is specific data readily available on the limits of what humans can know.
